An unexpected error occurred: There were too many requests of a given type :: Error creating new authz :: many currently pending authorizations

Please fill out the fields below so we can help you better.

My domain is:
storyfusion.de (www.storyfusion.de, story-fusion.de, www.story-fusion.de)

I ran this command:
./certbot-auto certonly --standalone -d storyfusion.de -d www.storyfusion.de -d story-fusion.de -d www.story-fusion.de

It produced this output:
An unexpected error occurred: There were too many requests of a given type :: Error creating new authz :: many currently pending authorizations

My web server is (include version):
EX51 Rootserver (Hetzner)

The operating system my web server runs on is (include version):
Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-92-generic x86_64)

My hosting provider, if applicable, is:
myself

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

So I am totally lost now. I run a server for my friends an me. There are about 30 domains on that server and all use a Let’sEncrypt SSL Certificate, wich was working well until some few days ago. I make use of certbot-auto and it never showed any big or unsolvable problems. I also have a mail-vm on my server (with zimbra) and it’s certificate was near expiration, so I wanted to renew it, but I got stuck and was presented: “An unexpected error occurred: There were too many requests of a given type :: Error creating new authz :: many currently pending authorizations” instead.

Now the certificate is expired and I still don’t know why there are currently so many pending authorizations. Until the end of July, I was always renewing the certificates manually. From then, I had set up a cron, that ran twice a month! So I don’t understand where these many pending authorizations come from. And I don’t understand how to clear them so that everything goes back to normal. ( I have had to buy a certificate already for my mail-vm and for my main-website, but the next certificates will expire in about 18 days and I really need to get them renewed by that date.)

What can I do?

I have read through the various topics on this forum, but none seems to be of help to my problem. (And I didn’t get how to clear the pending certificates and what to use to run that clearification). Sure, I haven’t waited a week for the problem to dissolve, because my time was running out and I don’t want this to happen again.

Best regards,
Patrick

Hi Patrick,

The pending authorizations error is likely to occur if a Let’s Encrypt client application crashed or otherwise gave up in the middle of the process. Can you look in /var/log/letsencrypt to see the timing of occasions when Certbot has been run, and check whether it was run more often than you expect, e.g. other than the cron job that you had created or times that you remember running it yourself?

Do you remember any other errors or failures that happened before this particular error started to appear? Can you find any references to other earlier errors or failures in those log files in /var/log/letsencrypt?

Is the mail-vm running its own copy of Certbot or some other Let’s Encrypt client? Is it automated somehow with its own cron job or something similar?

There is a tool for clearing pending authorizations which you might have found in one of the other threads. It requires some specific authz object URLs which could also appear in /var/log/letsencrypt (but if you can find those, you might also be able to find the reason why they are stuck in a pending state, such as an error message related to a Certbot crash).

Hi schoen,

thanks for your answers and sorry for my late response. I am really disappointedat the moment and I don’t have the slightest idea, why something that worked for months has now stopped working. Sure, there have been updates to the OS, but that hasn’t been a problem before.

I don’t have any cron-renewals anymore (I deleted them at the time of my last posting). So there were no new automatic trials to renew any certificates in these 13 days. Since the next certificates will expire in about nine days, I tried to renew them manually today. None of them got renewed and all showed the given error message.

I tried the use the staging parameter with a certificate for a domain, that is not so important and it worked once, but running the same command without the stating again showed the well known error message. So this domain is now running a test-certificate and that’s it.

The important domain certificates still cannot be renewed.

I found those clearing pending authorization tools but I may have used them incorrectly or they did not really help with the problem. There are no real indicators visible to me in the logs of letsencrypt. Maybe there is somewhere a Step1 - Step2 - Step3 instruction manual for using those scripts, though I haven’t found one helping me with the given problems yet.

I have bought certificates for the last domains that expired 13 days ago. A certificate for the mail-vm/-domain was included in that. But what can I really do about the next expiring certificates?

Hi @Patmo,

The error that you saw is basically associated with a Let's Encrypt client that crashed. In that case, it can leave server-side resources in an occupied state. This can last for quite some time even when the renewal is not being re-attempted frequently.

There has been a server-side change very recently (today) that treats this situation a bit more leniently:

If the new change doesn't fix your issuance problem, we would really need to see the earlier client-side logs from /var/log/letsencrypt to understand how and why your client crashed in the process of requesting certificates (probably failed automated renewals). There is a known bug where this can happen sometimes when you use --standalone with a TCP port that's unavailable because that port is bound by a running webserver.

Thank you so much! It seems that this new change did fix my problem. I didn’t try to renew the certificates automatically but the manual renewal process certificate after certificate worked out well today.

Thank you very much!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.